In late 2019 and early 2020, DAI and our partner Caribou Digital worked closely with the U.K. Department for International Development (now called the U.K. Foreign, Commonwealth, and Development Office) to analyse identification and registration systems in protracted and recurrent crises. The research explored the feasibility of designing humanitarian aid management information systems (MIS) to link with social protection systems and to support a transition, in the long term, to state social assistance. Whilst the focus was principally on the interoperability of such systems, our legal, digital, and protection brains also pushed us to focus on the risks associated with data collection, sharing, and storage.
This blog is the first in a series on MIS in crises, as the findings from our research are many and broad. For those interested in reading more about the research, the external reports can be found here and here.
HSNP Kenya - Beneficiary fingerprint registration
In targeted distribution systems, such as those found in humanitarian response or social protection programming, data systems to register and identify recipients of transfers underpin everything. They tell the implementer who is eligible, who is not, what they should get, and for how long. As the data defines who gets what, collection of the data is often the beneficiaries’ first point of contact with the responders. This contact happens when they are at their most vulnerable and the data held is extremely sensitive.
In humanitarian emergencies, there are often numerous responders, including those distributing cash assistance, those providing in-kind assistance, and those providing other forms of aid. The government—whether party to the conflict or not—may also be involved in the response.
The plethora of actors—as with anything—can lead to inefficiencies, duplication of assistance, or gaps in assistance. These concerns have led many to argue for a single registry type system (for instance, a government-managed social registry of all beneficiaries) or greater interoperability and information sharing between systems (such as those of nongovernmental organisations (NGOs) and humanitarian agencies). In an ideal world, such systems would move the sector away from separate and disconnected MIS and towards greater collaboration, while maintaining strong protection and privacy standards. (Note: Our Trevor Olexy recently wrote a great blog if you need a refresher on types of MIS.)
We’d like to share a few key observations from the research:
There is potential in leveraging shared data for increased coordination among social protection and humanitarian actors. Whilst there is little data, there is a concern among social protection and humanitarian actors that without coordination, they may be duplicating assistance or be less efficient. Interoperable MIS could allow different humanitarian actors to coordinate their efforts. This would give insights into coverage and effectiveness and lead to better allocation of resources that are often scarce.
There is a trend towards consolidation of larger systems, even as the technology is still developing. There are numerous proprietary MIS managed by different organisations and humanitarian entities. Whilst there are some efforts to collaborate or make these systems interoperable, there also appears to be a culture of one-upmanship to have the largest and most innovative system.
There is a commonly held assumption that centralized humanitarian transfer systems may form the basis of longer-term or government-led social protection systems. As we’ll discuss in future blog posts, such assumptions should be challenged. The collection of personal data when people are at their most vulnerable does not allow for sufficient informed consent. This is particularly concerning in cases where the government is party to the conflict or crisis.
Technology and data processing have uses and consequences that, at present, are poorly understood. Despite the extremely sensitive nature of the data being collected, humanitarian practitioners, project managers, and policy advisers alike do not always understand the implications of sharing personal data. Moreover, the data protection policies and practices of national and international NGOs and humanitarian agencies may not be sufficient to protect those who are most vulnerable. Due to weak practices such as sharing personal data files by email, the inadvertent leaking of personal data is inevitable. Humanitarian actors should also be aware that deliberate sharing or hacking is highly possible: even the most secure cryptographic technologies are at risk with contemporary computing advances.
While there are clear advantages to greater interoperability, this must not come at the expense of data security and privacy for beneficiaries. The implications of different types of MIS for beneficiaries are not just the consequence of the technology itself, but are also a result of the frameworks and behaviors practiced by humanitarian and social protection actors. In this series, we will discuss the security implications of different types of MIS and technologies; the implications of increasing centralization around consent and human-centered design; and the implications for value for money of humanitarian and social protection assistance.
Note: Though this research was funded through the U.K. Government’s Better Assistance in Crises (BASIC) programme, the views expressed in this blog are entirely those of the authors and do not necessarily represent the government’s views or policies.